
Today I needed to find a password for a certain account I had used before (but had forgotten), and I remembered that I had stored the credentials in the Remote Desktop Connection Manager, Microsoft’s free RD tool. Of course, it crossed my mind whether these credentials could be decrypted, and it turns out they can, quite easily, with a little PowerShell.

The credentials are stored in encrypted form in the RDG file you create for your RDP connections. It’s just an XML file, so it can be easily parsed with PowerShell. Using a handy trick blogged by Thomas Prud’Homme, I decrypted all the credentials found in the RDG file.

The passwords can only be decrypted with the user profile that added them to the RDG file, however, so they are still reasonably secure. If the credentials were added by another account or on another system, you will get a “Failed to decrypt” error as seen below, which is the same error you get if you try to copy the RDG file and open it on another computer or with another user profile.
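Because the RDG file is plain XML, it can also be audited for stored secrets without decrypting anything. The following is an added example, not the script from this post: it lists every file, group or server entry that carries a stored password, so those entries can be reviewed or cleared. The element names assume an RDCMan 2.7-style file, and `Get-ChildText` and `Get-RdgStoredCredential` are hypothetical helper names.

```powershell
# Added example: list where an RDG file stores credentials, without decrypting them.
# Assumed layout (RDCMan 2.7-style): <credentialsProfile> and <logonCredentials> hold
# <userName> and <password>; the owning <file>, <group> or <server> is labelled in <properties>.
function Get-ChildText($Node, $XPath) {
    $n = if ($null -ne $Node) { $Node.SelectSingleNode($XPath) }
    if ($null -ne $n) { $n.InnerText }
}

function Get-RdgStoredCredential {
    param([Parameter(Mandatory)][xml]$Rdg)
    foreach ($pw in $Rdg.SelectNodes('//password')) {
        if ([string]::IsNullOrWhiteSpace($pw.InnerText)) { continue }  # nothing stored
        $holder = $pw.ParentNode
        # Walk up to the file, group or server that owns this entry.
        $owner = $holder.ParentNode
        while ($null -ne $owner -and $owner.LocalName -notin 'file','group','server') {
            $owner = $owner.ParentNode
        }
        $scope = if ($null -ne $owner) { $owner.LocalName } else { 'unknown' }
        [pscustomobject]@{
            Scope        = $scope
            Name         = Get-ChildText $owner 'properties/name'
            DisplayName  = Get-ChildText $owner 'properties/displayName'
            UserName     = Get-ChildText $holder 'userName'
            # Servers under a group or file can inherit this entry.
            ServersBelow = if ($scope -in 'file','group') { $owner.SelectNodes('.//server').Count } else { 0 }
        }
    }
}

# Constructed sample; the <password> values are placeholders, not real blobs.
[xml]$sample = @'
<RDCMan programVersion="2.7" schemaVersion="3"><file>
  <properties><name>lab</name></properties>
  <group>
    <properties><name>Web tier</name></properties>
    <logonCredentials inherit="None">
      <userName>svc-web</userName><password>PLACEHOLDER-1</password>
    </logonCredentials>
    <server><properties><displayName>Web 01</displayName><name>web01.example.test</name></properties></server>
    <server>
      <properties><displayName>DB 01</displayName><name>db01.example.test</name></properties>
      <logonCredentials inherit="None">
        <userName>dba</userName><password>PLACEHOLDER-2</password>
      </logonCredentials>
    </server>
  </group>
</file></RDCMan>
'@
Get-RdgStoredCredential -Rdg $sample | Format-Table -AutoSize
```

A group-level row with a non-zero `ServersBelow` marks a single stored secret that several servers may inherit, which makes it the first candidate for removal from the file.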

I had the same problem as you (my passwords are encrypted using a certificate). Find the certificate thumbprint–I did this by looking it up in MMC but there are a bunch of ways to enumerate the certificate store and retrieve a thumbprint.

From a security perspective, if someone gets access to the RDG file, is it possible to crack the pw by replicating the username on a test domain on an environment? For example, 2 VMs: one representing a domain controller having an identical domain name as the real scenario and an identical username in the AD to the one that created the rdg file. The other VM would be domain joined, representing a workstation where the user will execute the script above. Good to see if it works in this way, as it would be a nasty compromise.

Then, the output I got was not complete… it missed all the group passwords settings (not all, but a lot of the passwords are inherited from the group entry). I was able to modify the script to get to just the group credentials settings. Unfortunately, I had to get the entire output using 2 scripts since I didn’t know how to process/reference the XML entries for everything in one step.
Oh, and additionally, I modified the script to also display the server address and display name with the credentials. I had too many credential entries to know which ID belonged to which server.

All this to say: I would not have been able to do this much without your insightful script.

@FUZZYSCSI
I am trying to get the password I stored on my RDCM.
I will appreciate if you can help me, I have no idea how to do this and I do not have the path “C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\